difpt.org Open in urlscan Pro
166.62.10.186 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php
Submission: On May 27 via automatic, source openphish (May 27th 2020, 12:35:24 pm UTC)

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 166.62.10.186, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is difpt.org.

This is the only time difpt.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
12	166.62.10.186 166.62.10.186	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	185.225.208.133 185.225.208.133	13213 (UK2NET-AS) (UK2NET-AS)
1	67.202.94.86 67.202.94.86	32748 (STEADFAST) (STEADFAST)
14	4

12 166.62.10.186 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-166-62-10-186.ip.secureserver.net

difpt.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.225.208.133 (Germany)

ASN13213 (UK2NET-AS, GB)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.86 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	difpt.org difpt.org	105 KB
1	amung.us whos.amung.us	212 B
1	waust.at waust.at	7 KB
14	3

	Domain	Requested by
12	difpt.org	difpt.org
1	whos.amung.us	waust.at
1	waust.at	difpt.org
14	3

This site contains links to these domains. Also see Links.

Domain
whos.amung.us

Subject Issuer	Validity	Valid

This page contains 3 frames:

Primary Page: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php
Frame ID: 62D743CFC99F92DFADD6495CDC72331F
Requests: 13 HTTP requests in this frame

Frame: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/wmms.svg
Frame ID: 0FB80FF977183F2530B9CE3CDB5E7603
Requests: 1 HTTP requests in this frame

Frame: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/sig-en.svg
Frame ID: 244B0F6FD3D99C4F9EC16FE293646D7A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

113 kB
Transfer

389 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://whos.amung.us/stats/k79luj4uh0/
Title: 4

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set authenticate.php Show response difpt.org/images/.cra-ca/home404shtmlccrd-request/	10 KB 3 KB	529ms 517ms	Document text/html	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / PHP/7.1.33 Resource Hash `bc07151b5fdfed38b951a39fc41610a7b72564534e24bd18ed7e1fbc4ecbf33f` Request headers Host difpt.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:34:59 GMT Server Apache X-Powered-By PHP/7.1.33 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=023be9a655d374ca23e8de273ac8882d; path=/ Upgrade h2,h2c Connection Upgrade, Keep-Alive Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 3001 Keep-Alive timeout=5 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	jquery.min.js Show response difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	82 KB 29 KB	629ms 616ms	Script application/javascript	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/jquery.min.js Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "70402ac-14915-5a6403c3064cd-gzip" Vary Accept-Encoding,User-Agent Upgrade h2,h2c Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type application/javascript Keep-Alive timeout=5 Content-Length 29497
GET H/1.1	200 OK	theme.min.css difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	199 KB 35 KB	268ms 267ms	Stylesheet text/css	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/theme.min.css Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `e3536ef9cb8bcff43b17377a72b2657db0d020529137688b1fdf4b2ec7a2c105` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "70402e1-31c1f-5a6403c30bea5-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 35059
GET H/1.1	200 OK	apps.css difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	3 KB 1 KB	568ms 557ms	Stylesheet text/css	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/apps.css Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `204a17ca995a792e855a803a949467e09f71c1f78ed57551684cab15db078cbe` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "7040166-c57-5a6403c2fdc15-gzip" Vary Accept-Encoding,User-Agent Upgrade h2,h2c Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5 Content-Length 1142
GET H/1.1	200 OK	common.css difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	2 KB 1 KB	557ms 545ms	Stylesheet text/css	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/common.css Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `93c11c985807fa11dee8e93dabece88c3b74c1e945fa8911c032e75ddd2a6f2d` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "704016e-995-5a6403c2febb5-gzip" Vary Accept-Encoding,User-Agent Upgrade h2,h2c Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5 Content-Length 920
GET H/1.1	200 OK	d.js Show response waust.at/	13 KB 7 KB	42ms 30ms	Script application/x-javascript	185.225.208.133 UK2NET-AS
General Check archive.org Show headers Download Go to Full URL http://waust.at/d.js Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 185.225.208.133 , Germany, ASN13213 (UK2NET-AS, GB), Reverse DNS Software / Resource Hash `21092efadab949c3ad748e1c67c0e5f14eaab93275d2f1ba142464ef02a3735a` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Thu, 21 May 2020 14:38:50 GMT ETag W/"5ec6927a-32f2" Transfer-Encoding chunked Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control max-age=86400, private Connection keep-alive Expires Thu, 28 May 2020 12:35:00 GMT
GET H/1.1	200 OK	timeout.css difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	428 B 597 B	553ms 541ms	Stylesheet text/css	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/timeout.css Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `447a4a6c6d785d6fc009367d1fd835b3245114e3162a5dafe288ea54ffd7e0c7` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:00 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "70402e7-1ac-5a6403c30c675-gzip" Vary Accept-Encoding,User-Agent Upgrade h2,h2c Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5 Content-Length 241
GET H/1.1	200 OK	font-awesome.css difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	39 KB 8 KB	355ms 354ms	Stylesheet text/css	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/font-awesome.css Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `6081e5ab192226d10d4ccbb32070bd11f65a079467886afb905ee3b9440952e7` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:01 GMT Content-Encoding gzip Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "7040184-9b47-5a6403c300325-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 7488
GET H/1.1	200 OK	header-leaf.jpg difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	7 KB 7 KB	318ms 317ms	Image image/jpeg	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/header-leaf.jpg Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `585defecffe2aae3c3daf15f7ce9c8b6482dab389bcbeb030d399f24232e6f64` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/theme.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:03 GMT Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "704027d-1b32-5a6403c302a35" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 6962
GET H/1.1	200 OK	header-bg.jpg difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	15 KB 15 KB	317ms 316ms	Image image/jpeg	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/header-bg.jpg Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `52e75f289c865f1608d23ef199d4ddcf6c35a9b1c6596d0b515df7b2ffd5dcb4` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/theme.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:03 GMT Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "704018c-3c4c-5a6403c30264d" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 15436
GET H/1.1	200 OK	sft-deco.gif difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/	80 B 346 B	290ms 290ms	Image image/gif	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/sft-deco.gif Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `372dbc2821a06ee701e74972f6783b83951fe88459a28913ba425613ff15b909` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/theme.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 27 May 2020 12:35:03 GMT Last-Modified Fri, 22 May 2020 17:48:21 GMT Server Apache ETag "70402d0-50-5a6403c309f65" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 80
GET H/1.1	200 OK	wmms.svg Show response difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/ Frame 0FB8	5 KB 2 KB	279ms 278ms	Document image/svg+xml	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/wmms.svg Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `4dd1b275548819246b29ff689c8f617314c6e7b5a18c30341c001321519f9913` Request headers Host difpt.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Response headers Date Wed, 27 May 2020 12:35:03 GMT Server Apache Last-Modified Fri, 22 May 2020 17:48:21 GMT ETag "70402f4-12d3-5a6403c30d22d-gzip" Accept-Ranges bytes Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 1794 Keep-Alive timeout=5 Connection Keep-Alive Content-Type image/svg+xml
GET H/1.1	200 OK	sig-en.svg Show response difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/ Frame 244B	11 KB 3 KB	263ms 263ms	Document image/svg+xml	166.62.10.186 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://difpt.org/images/.cra-ca/home404shtmlccrd-request/details_files/sig-en.svg Requested by Host: difpt.org URL: http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Protocol HTTP/1.1 Server 166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-166-62-10-186.ip.secureserver.net Software Apache / Resource Hash `ddc04f3de34dce28968926fb8d174ad39a07b875392fa406b07fc4c729a47438` Request headers Host difpt.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php Response headers Date Wed, 27 May 2020 12:35:03 GMT Server Apache Last-Modified Fri, 22 May 2020 17:48:21 GMT ETag "70402d2-2a0c-5a6403c30a34d-gzip" Accept-Ranges bytes Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2247 Keep-Alive timeout=5 Connection Keep-Alive Content-Type image/svg+xml
GET H/1.1	200 OK	/ Show response whos.amung.us/pingjs/	28 B 212 B	274ms 262ms	Script text/javascript	67.202.94.86 STEADFAST
General Check archive.org Show headers Download Go to Full URL http://whos.amung.us/pingjs/?k=k79luj4uh0&t=Confirm%20Your%20Identity&c=d&y=&a=0&r=5011 Requested by Host: waust.at URL: http://waust.at/d.js Protocol HTTP/1.1 Server 67.202.94.86 Chicago, United States, ASN32748 (STEADFAST, US), Reverse DNS amung.us Software / Resource Hash `76ba1dcdc4a4788b4c0230926b957bb1831dd7ccdc263983a3a4259d1f43051c` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Wed, 27 May 2020 12:35:03 GMT content-encoding gzip transfer-encoding chunked content-type text/javascript;charset=UTF-8
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d` Request headers Referer http://difpt.org/images/.cra-ca/home404shtmlccrd-request/authenticate.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

difpt.org
waust.at
whos.amung.us
166.62.10.186
185.225.208.133
67.202.94.86
204a17ca995a792e855a803a949467e09f71c1f78ed57551684cab15db078cbe
21092efadab949c3ad748e1c67c0e5f14eaab93275d2f1ba142464ef02a3735a
372dbc2821a06ee701e74972f6783b83951fe88459a28913ba425613ff15b909
447a4a6c6d785d6fc009367d1fd835b3245114e3162a5dafe288ea54ffd7e0c7
4dd1b275548819246b29ff689c8f617314c6e7b5a18c30341c001321519f9913
52e75f289c865f1608d23ef199d4ddcf6c35a9b1c6596d0b515df7b2ffd5dcb4
585defecffe2aae3c3daf15f7ce9c8b6482dab389bcbeb030d399f24232e6f64
6081e5ab192226d10d4ccbb32070bd11f65a079467886afb905ee3b9440952e7
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
76ba1dcdc4a4788b4c0230926b957bb1831dd7ccdc263983a3a4259d1f43051c
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
93c11c985807fa11dee8e93dabece88c3b74c1e945fa8911c032e75ddd2a6f2d
bc07151b5fdfed38b951a39fc41610a7b72564534e24bd18ed7e1fbc4ecbf33f
ddc04f3de34dce28968926fb8d174ad39a07b875392fa406b07fc4c729a47438
e3536ef9cb8bcff43b17377a72b2657db0d020529137688b1fdf4b2ec7a2c105

difpt.org Open in urlscan Pro 166.62.10.186 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

113 kBTransfer

389 kBSize

0 Cookies

1 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

difpt.org Open in urlscan Pro
166.62.10.186 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

113 kB
Transfer

389 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!